Any user created on Linux may or may not have a password. Linux stores passwords in encrypted format in /etc/shadow. Here is quick command line code to find if a user has password set.

$ sudo cat /etc/shadow | grep www-data
www-data:*:16519:0:99999:7:::

Second field in above output is *. That means user does not have an encrypted password set. Sometime you may also see “!” or empty string as placeholder for password. That also means that password is not set.